Security

Sternum’s Solution Beats BotenaGo Malware Targeting Millions of Devices in a Live Trial

Sternum | February 08, 2022

Sternum, the universal Internet of Things (IoT) cybersecurity and analytics platform provider, reveals a successful live-fire test of its smart device security platform against BotenaGo malware. Sternum’s unique solution, which looks out for generic fingerprints of an attempted attack to protect the device’s runtime integrity, kept an unpatched device protected in multiple attacks utilizing an exploit from the virus’s arsenal.

Botnet malware seeks out vulnerabilities in millions of IoT devices and uses those to deploy malicious payloads, granting the hacker control over affected targets. An advanced botnet like the infamous Mirai can build up an entire army of “zombified” devices that would then be used for denial-of-service attacks and other malicious activities. BotenaGo, the new addition to this malware class, first came up on radars in November 2021 as a sleek and dangerous virus, packing 33 vulnerabilities tailored to infect millions of routers. A lot of the exploits it relies on are command injections, which force the device to execute malicious OS commands and are ranked as one of the most dangerous software vulnerabilities. In January 2022, BotenaGo’s source code went up on GitHub, available for any rookie hacker to use at will, or add some of its exploits to their own custom malware.

Sternum pitted the malware against its unique IoT security solution in a live-fire trial on an off-the-shelf vulnerable device. First, the company’s team used a command injection exploit from the virus’s arsenal to infect an unpatched and unprotected Zyxel NAS326 cloud storage device. To confirm the successful attack, the security experts switched the light indicators on the device’s front on and off through the malware.

Then, Sternum researchers installed the company’s solution on the device, still unpatched, and ran the attack again multiple times. The solution successfully protected the cloud storage unit, striking down the infection attempts. It also automatically collected all the necessary forensics data such as timestamps and IP addresses involved in the attacks, pinpointing the vulnerabilities in the device’s firmware and offering automatic root-cause analysis.

Sternum’s single-click security solution gives any connected device the ability to protect itself against hacking attempts in real-time. It seeks out the generic fingerprints of various attack types such as command injection and buffer overflow to strike the attempted attack down and protect the runtime integrity of the secured device against both zero-day and one-day attacks. Its design fosters a proactive IoT security paradigm that ditches the need to play catch-up with hackers through long and costly patching. Sternum’s solution enables devices to actively defend themselves from novel pieces of malware even before security researchers identify them, as seen in the live demo.

“BotenaGo arms any script kiddo with a potent tool capable of infecting millions of devices. Patching takes time, and we know of a few cases where the devices were left vulnerable even after an available update. By beating the virus without the need for a patch, our platform once again proves itself as a powerful security platform that allows companies to always be one step ahead of the game. By focusing on generic fingerprints shared by all attacks instead of wasting time and money on patching specific vulnerabilities, it can defeat viruses that haven’t even been written yet.”

Natali Tshuva, Co-Founder and CEO of Sternum

About Sternum
Sternum, the provider of the first universal IoT platform for security and observability offering runtime protection and visibility to IoT devices, was founded in 2018 by 8200 veterans with a profound understanding of both defender and attacker mindsets. With a goal to deliver one unified and powerful platform to all IoT devices across sectors, Sternum set out to build an uncompromising, innovative technology. Sternum’s product suite consists of two key solutions: Embedded Integrity Verification (EIV) and ADS (Analytics & Detection System); both answer the unique needs of IoT device-level protection and visibility in medical, industry 4.0, smart cities, energy, and beyond. 

Spotlight

IDC’s research demonstrates that enterprise organizations are prioritizing digital infrastructure (DX) resiliency as a foundational element of their IT strategy. Organizations are looking for richer levels of visibility, cross-platform control, advanced data management, and protection that spans the entire ecosystem, including public or private cloud, on premises, colocation facility, and edge. DX initiatives rely on data-driven insights to deliver competitive differentiation, increased customer engagement, streamlined business operations, increased staff productivity, and growth in revenue and profitability. IT infrastructure is one of the crucial pillars of DX. In fact, DX cannot succeed without IT transformation, aligned with business strategy to meet or exceed service-level objectives for data-driven insights. Because of this realization, organizations are now focused on managing outcomes instead of IT infrastructure and looking to vendors and partners to help reach this goal.

Spotlight

IDC’s research demonstrates that enterprise organizations are prioritizing digital infrastructure (DX) resiliency as a foundational element of their IT strategy. Organizations are looking for richer levels of visibility, cross-platform control, advanced data management, and protection that spans the entire ecosystem, including public or private cloud, on premises, colocation facility, and edge. DX initiatives rely on data-driven insights to deliver competitive differentiation, increased customer engagement, streamlined business operations, increased staff productivity, and growth in revenue and profitability. IT infrastructure is one of the crucial pillars of DX. In fact, DX cannot succeed without IT transformation, aligned with business strategy to meet or exceed service-level objectives for data-driven insights. Because of this realization, organizations are now focused on managing outcomes instead of IT infrastructure and looking to vendors and partners to help reach this goal.

Related News

Enterprise Iot, Software and Tools

Seven European Internet of Things Solution Providers Choose EchoStar for Real-Time Satellite IoT Connectivity

PRnewswire | July 03, 2023

EchoStar Corporation (Nasdaq: SATS) announced today that seven leading European Internet of Things (IoT) service providers have signed multi-year commercial agreements to develop and sell IoT solutions using EchoStar Mobile's Pan-European, satellite based, LoRa®-enabled IoT network. The customers, API-K, Cyric, DalesLandNet, Dryad, Galaxy1, ProEsys and Symes are leveraging the real-time network to enable massive IoT deployments for applications such as outdoor personal geo-safety, soil moisture monitoring, ultra-early forest fire detection, utility metering and pipeline monitoring. "We thank these innovative customers for choosing the EchoStar Mobile IoT network to meet their requirements for real-time, bi-directional sensor connectivity across agritech, utility, consumer recreational tracking and environmental markets," said Telemaco Melia, vice president and general manager, EchoStar Mobile. "These deployments validate our customer value proposition by integrating seamlessly into the existing IoT ecosystem, achieving ubiquitous service continuity for our customers without requiring expensive terrestrial infrastructure." Compatible with Semtech Corporation's LoRa-enabled wireless platform for device connectivity, the powerful, geostationary, EchoStar XXI S-band satellite delivers pervasive, two-way connectivity seamlessly across Europe without requiring roaming agreements across geographies. To add the satellite capability to their IoT solutions, customers can upgrade existing commercially deployed devices easily with the low power and compact EchoStar Mobile EM2050 dual-mode satellite-terrestrial module. EchoStar received a 2023 IoT Business Impact Award for the Pan-European IoT Network from IoT Evolution magazine, the leading publication covering IoT technologies. "It is my pleasure to recognize EchoStar's Pan-European LoRa-enabled IoT network, an innovative solution that earned EchoStar the 2023 Business Impact Award," said Rich Tehrani, CEO, TMC. "I look forward to seeing more successful deployments of best-in-class solutions from EchoStar in the future." EchoStar Mobile Limited is the EchoStar subsidiary in Europe that operates a mobile satellite system (MSS) network using the geostationary EchoStar XXI satellite. Globally, EchoStar is developing an S-band constellation of low Earth orbit (LEO) satellites, called EchoStar Lyra™, to support Internet of Things connectivity as the company explores development of a global non-terrestrial 5G network in the S-band. About TMC Through education, industry news, live events and social influence, global buyers rely on TMC's content-driven marketplaces to make purchase decisions and navigate markets. As a result, leading technology vendors turn to TMC for unparalleled branding, thought leadership and lead generation opportunities. Our in-person and online events deliver unmatched visibility and sales prospects for all percipients. Through our custom lead generation programs, we provide clients with an ongoing stream of leads that turn into sales opportunities and build databases. Additionally, we bolster brand reputations with the millions of impressions from display advertising on our news sites and newsletters. Making TMC a 360 degree marketing solution, we offer comprehensive event and road show management services and custom content creation with expertly ghost-crafted blogs, press releases, articles and marketing collateral to help with SEO, branding, and overall marketing efforts. For more information about TMC and to learn how we can help you reach your marketing goals, please visit www.tmcnet.com and follow us on Facebook, LinkedIn and Twitter, @tmcnet. About EchoStar EchoStar Corporation (Nasdaq: SATS) is a premier technology and networking services provider offering consumer, enterprise, operator and government solutions worldwide under its Hughes®, HughesNet® and EchoStar® brands. In Europe, EchoStar operates under its EchoStar Mobile Limited subsidiary and in Australia, the company operates as EchoStar Global Australia. For more information, visit www.echostar.com and follow EchoStar on Twitter and LinkedIn.

Read More

Industrial IoT

Arduino Introduces the Nano ESP32, Bringing the Popular IoT Microcontroller into the Arduino Ecosystem

Businesswire | July 18, 2023

Arduino, the open-source hardware pioneer with 32 million active developers worldwide, announced the Arduino Nano ESP32, the newest member of the Nano family that combines the openness and support of the Arduino community with the robust capabilities of Espressif’s ESP32-S3 microcontroller to bring “plug-and-play” IoT deployments for advanced enterprise use cases and hobbyist engineers. The board enables entirely new ways for makers at all levels to create projects smarter and faster. Beginners can explore in an easy-to-understand, welcoming environment, with a popular MCU supported by deep documentation and a global community of users. At the same time, more advanced users can take advantage of the Nano ESP32’s multi-language support and debugging capabilities to quickly improve their project’s performance. “Arduino is synonymous with a consistent and well-documented ecosystem, always updated and open to contribution,” said Massimo Banzi, Arduino’s co-founder, chairman and CMO. “Given the ESP32 is one of the most popular boards for IoT and prototyping, combining with the Nano form factor meets our community’s needs and expectations by providing both the best technology and the best experience.” “With the launch of Arduino Nano ESP32, we aim to empower developers, makers, and innovators with a comprehensive platform that seamlessly integrates the power and versatility of Espressif's hardware with the simplicity and accessibility of Arduino's ecosystem.” said Teo Swee-Ann, CEO of Espressif Systems “We share a common vision of democratizing technology and fostering an open and collaborative ecosystem. We're excited about the opportunities this partnership will unlock and the incredible projects it will fuel.” The Nano ESP32 supports both Micropython and Arduino programming languages, providing a clear path for those already familiar with one platform to easily switch back and forth as needed. It also features plug-and-play debugging with the Arduino IDE 2, which eliminates the need for any external hardware or third-party software and makes developing robust projects easier than ever before. Powered by the ESP32-S3 (Ublox NORA-W106-10B) microcontroller, the Nano ESP32 packs serious performance into the Nano form factor, featuring 8 MB internal PSRAM / 16 MB external flash memory 512KB SRAM and 16KB of RTC SRAM Dual-core CPU at 240 MHz clock speed USB-C programming port The Arduino Nano ESP32 is available to order today in the Arduino Store, starting at $18. With this latest product release, Arduino continues to strengthen its position as the world’s leader in open-source hardware and software. The company recently released the UNO R4, giving the world's most popular development board massive improvements in speed, memory, connectors and connectivity options. It also became a partner in the Zephyr® Project, an open-source RTOS project at the Linux Foundation. On the business side, Arduino closed a $32 million Series B funding round last year and recently announced new offices and leadership in the United States to support the company’s largest region of business. About Arduino Arduino is the global leader in open-source hardware and software, designed from inception to provide an accessible platform and ecosystem for creativity and innovation. With over 30 million developers worldwide, Arduino’s solutions offer a powerful answer to the talent shortage in engineering and break free from vendor lock-in with a robust line of open-source products enabling IoT, automation, Industry 4.0 and machine learning at the edge. Hundreds of thousands of engineers, designers, students and makers around the world are using Arduino to innovate in product development, education, industrial automation, smart homes, farming, fashion, music, autonomous vehicles and more.

Read More

Infrastructure

Infineon further extends its edge AI capabilities and choice-of-platforms for ML-based models for Bluetooth customers by partnering with Edge Impulse

Businesswire | July 07, 2023

Infineon Technologies AG today announced it is teaming with Edge Impulse to extend its Tiny Machine Learning-based AI development tools for the PSoC™ 63 Bluetooth® LE microcontroller (MCU). Developers of AI-enabled IoT applications can now also build edge Machine Learning (ML) applications using the Edge Impulse Studio environment for deployment on high-performance, low-power PSoC 63 Bluetooth LE MCUs. This collaboration allows customers added flexibility and choice-of-platforms to natively develop and configure ML applications for systems based on PSoC 63 Bluetooth LE MCU devices, which provide 150-MHz Arm® CPU performance with low-power connectivity and a rich suite of peripheral options. For example, the CY8CKIT-062-BLE Pioneer Kit coupled with the E-Ink Display Shield Board (CY8CKIT-028-EPD) incorporates an inertial measurement unit, microphone, and temperature sensor. This supports applications that collect real-world sensor data for processing by Tiny Machine Learning-based AI models in systems optimized for low-power, low-cloud-cost edge IoT environments. Infineon’s PSoC 63 Bluetooth LE MCU devices feature a dual-core Arm® Cortex®-M4F and Arm Cortex-M0+ chip architecture, Bluetooth LE 5.2, configurable voltage and frequency settings, built-in hardware-based security, state-of-the-art capacitive interfaces, and more, on a single chip. As the only 150 MHz Bluetooth LE MCU on the market, this variant of the Infineon PSoC device family is a powerful combination of power efficiency, size, and programmability, making it perfectly suited for edge IoT applications that benefit from the ability to run advanced ML algorithms. Edge Impulse’s products streamline the entire process of collecting and structuring data sets, designing algorithms with pre-built building blocks, validating the models with real-time data, and deploying the fully optimized production-ready results to edge targets such as the PSoC 63 Bluetooth LE MCU. “By collaborating with Edge Impulse on the PSoC 63 Bluetooth LE MCU, Infineon customers can bring their solutions faster to market for embedded AI/ML use cases. Infineon is committed to enable our customers to develop their own AI/ML models, or use a model out of a suite of predefined models available from Infineon or our valuable partners. Infineon is excited to add Edge Impulse to our growing partner network, and will continue to work with our extensive group of AI/ML partners that complements our offerings,” said Shantanu Bhalerao, Vice President of the Bluetooth Product Line at Infineon. “With its advanced processing capabilities and low power consumption, the PSoC 63 Bluetooth LE MCU is an ideal vehicle for the next generation of edge devices, from wearables to industrial monitoring,” said Zach Shelby, CEO and co-founder of Edge Impulse. “Matched with the Edge Impulse platform, embedded developers can more quickly develop and deploy powerful solutions for an exciting range of edge ML applications.” About Edge Impulse Edge Impulse enables all enterprises to build smarter edge products. Their technology empowers developers to bring AI solutions to market faster, and helps enterprise teams rapidly develop industry-specific solutions in weeks instead of years. Edge Impulse provides powerful automation and low-code capabilities to make it easier to build valuable datasets and develop advanced AI with streaming data. With over 75,000 developers, and partnerships with the top silicon vendors, Edge Impulse offers a seamless integration experience to validate and deploy with confidence across the largest hardware ecosystem. More information about Edge Impulse is available at www.edgeimpulse.com. About Infineon Bluetooth Products With more than one billion devices shipped, Infineon’s AIROC™ Bluetooth and Bluetooth Low Energy devices are the first choice for IoT solutions. The broad portfolio includes high-performing, reliable, ultra-low-power products that deliver robust industry-leading performance.

Read More